lepture / authlib

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS, JWE, JWK, JWA, JWT included.
https://authlib.org/
BSD 3-Clause "New" or "Revised" License

OpenID Connect Back-Channel Logout #560

Open azmeuk opened 1 year ago

azmeuk commented 1 year ago

I suggest implementing helpers for OpenID Connect Back-Channel Logout:

This specification defines a logout mechanism that uses direct back-channel communication between the OP and RPs being logged out; this differs from front-channel logout mechanisms, which communicate logout requests from the OP to RPs via the User Agent.

Related tickets #292 #500 #561
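
For readers of this thread, an added sketch of the relying-party side of the mechanism quoted above; it is not Authlib code and not part of any comment. It assumes the Logout Token's signature has already been verified, takes its claim rules from the OpenID Connect Back-Channel Logout 1.0 specification rather than from this page, and uses a hypothetical function name and constructed sample values.

```python
import time

# Event member name defined by OpenID Connect Back-Channel Logout 1.0.
LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout"

# Constructed sample claims (not from the page); signature assumed verified.
SAMPLE = {"iss": "https://op.example", "aud": "rp-client", "iat": 1700000000,
          "exp": 1700000120, "jti": "a1", "sid": "sess-42",
          "events": {LOGOUT_EVENT: {}}}


class LogoutTokenError(ValueError):
    """Raised when a Logout Token must be rejected."""


def validate_logout_claims(claims, issuer, client_id, seen_jti, now=None, leeway=60):
    """Check the claims of a Logout Token whose signature is ALREADY verified.

    seen_jti is a caller-owned set used for replay detection (hypothetical
    in-memory store; a deployed RP would use a shared cache with expiry).
    Returns (sub, sid) identifying the session(s) to terminate.
    """
    now = time.time() if now is None else now
    for name in ("iss", "aud", "iat", "exp", "jti", "events"):
        if name not in claims:
            raise LogoutTokenError(f"missing required claim: {name}")
    if claims["iss"] != issuer:
        raise LogoutTokenError("unexpected issuer")
    aud = claims["aud"]
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise LogoutTokenError("token not addressed to this client")
    if claims["exp"] + leeway < now:
        raise LogoutTokenError("token expired")
    if claims["iat"] - leeway > now:
        raise LogoutTokenError("token issued in the future")
    # A nonce is prohibited so a Logout Token can never pass as an ID Token.
    if "nonce" in claims:
        raise LogoutTokenError("nonce is prohibited in a Logout Token")
    events = claims["events"]
    if not isinstance(events, dict) or not isinstance(events.get(LOGOUT_EVENT), dict):
        raise LogoutTokenError("back-channel logout event missing")
    sub, sid = claims.get("sub"), claims.get("sid")
    if sub is None and sid is None:
        raise LogoutTokenError("neither sub nor sid present")
    if claims["jti"] in seen_jti:
        raise LogoutTokenError("replayed jti")
    seen_jti.add(claims["jti"])
    return sub, sid
```
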

dhallam commented 1 year ago

Hi @azmeuk. Is this something you're working on, or is it just something you've identified that should be worked on in future?

azmeuk commented 1 year ago

I think this is an interesting feature and a good complement to #500. The combination of both specs would allow a user disconnecting from one client to be disconnected from all the other clients, and the IDP, all at once. I have implemented #500 directly in Canaille but not this spec yet. Anyway, the spec logic is better implemented here in authlib so it can benefit everyone.